Key takeaways
- Assume any unsolicited token or NFT in your wallet is a scam, especially those offering something for free.
- Never click on links in paid Google results, social posts, replies, or messages to access an app or airdrop.
- Use Phantom to safely access apps and airdrops that are verified and safe.
- Never give out your private key or secret recovery phrase!
With the increasing number of tokens, apps, and airdrops, there’s also a rise in scams aiming to steal them. It appears that almost every other day, there's a new story of someone being fooled into believing they've won a prize or used a legitimate app, only to discover they were on a malicious site and signed a transaction that emptied their wallet’s funds.
At Phantom, we’ve developed industry-leading technology and organizational security practices to help protect you, but it’s important to understand what popular scams look like today, so you can better protect yourself.
Here’s a list of the most common crypto scams to look out for, and solutions on how to avoid them.
Common crypto scams
Fake giveaways and airdrops

This scam promises you free tokens or NFTs to bait you into clicking a malicious link. Once you click the link, which is usually found in a spam NFT or fake ad, it directs you to a malicious website to connect your wallet or approve a transaction. If you do, it’ll drain your wallet.
⚠️ Assume any unsolicited NFT in your wallet is a scam and never click links in them.
⚠️ Watch out for red flag words in the metadata like "Free", "Gift", "Limited", "Offer", "Invitation", "Giveaway", "Official", "Congrats", "Mystery box", "Rewards", "Upgrade", and “Airdrop”.
✅ Use trusted banners or verified apps in Phantom to access apps and airdrops.
Copycat tokens

Scammers capitalize on hype by creating copycats of popular and trending tokens. These imitation tokens often use the same name, icon, and symbol as the real token with slight changes in the contract address to trick you into buying the fake token.
✅ Use official token contract addresses from trusted sources, like the project’s website, CoinGecko, or verified social media.
Customer support imposters


This involves scammers pretending to be a customer support representative, or another user, to trick you into providing sensitive information. Often, they provide a fake email address or link to a website where they ask you to divulge your seed phrase or sign a malicious transaction. Why? To drain your wallet.
⚠️ Never follow links from unsolicited support messages.
✅ You can safely access our Support team by opening your Phantom wallet and going to Settings > Help & Support > Start a chat > Submit a ticket.
Hacked or fake social media accounts

Sometimes sophisticated hackers impersonate users or gain control of the official social media accounts of brands that you follow. When they do, they often post links to fake airdrops, allow lists, or giveaways. If you’re not careful, you may think it’s legitimate and click through to connect your wallet. If you do, they’ll drain your wallet.
⚠️ Never click on links to airdrops or giveaways in any social media post.
✅ Use trusted banners or verified apps in Phantom to access apps and airdrops.
Deceptive messages and links in Discord, Telegram, and Twitter

Scammers often disguise themselves as members of an NFT community, a crypto company, or even your friend group. When they do, they’ll likely send you a direct message offering help or support in exchange for money or sensitive information, such as your seed phrase. Don’t fall for it. They’re trying to get your money, assets, or both.
⚠️ Never click on links in private messages on Discord, Telegram, or Twitter, even if you believe you know the person.
✅ Safely search and visit apps in Phantom.
Scam social media ads

Scammers create ads on social networks like X and YouTube to advertise fake airdrops and giveaways. Like the other scams, these ads lead to a malicious website where you’ll be asked to connect your wallet and/or sign malicious transactions or messages. Don’t. If you do, they’ll drain your wallet.
It’s also important to note that these scams have become increasingly sophisticated, going as far as cloning websites and using artificial intelligence (AI) to impersonate crypto founders.
⚠️ Never click on links to apps, giveaways, or airdrops in paid social media ads.
✅ Use trusted banners or verified apps in Phantom to access airdrops.
Scam Google ads

Scammers pay for sponsored Google ads pretending to be official projects. These ads often show a project’s official URL, but then redirect you to a scam site with an unofficial URL that closely mirrors the real one. When you connect your wallet to the fake site and sign a transaction, your wallet is drained.
⚠️ Never visit apps or airdrops from paid Google search results.
✅ Safely search and visit apps in Phantom.
Fake apps

Sophisticated scammers create fake apps that are able to circumvent Google and Apple app store reviews. They’ll use the logo and branding of legitimate apps to trick unsuspecting users into downloading the fake app, which installs malware.
⚠️ Never download an app based on the search results in app stores.
✅ Use the download links provided on Phantom’s official website.
Rotten seed phrases

Bad actors will create wallets and post their seed phrases publicly, asking for assistance with a transaction or offering free money. When you import the seed phrase and attempt to transfer funds, there won’t be any native tokens for gas. As soon as you transfer native tokens for gas, your deposit is drained.
⚠️ Never use a seed phrase that someone has shared with you.
Address poisoning

⚠️ Never copy and paste an address from your transaction history.
✅ Always verify your wallet address before sending funds.
Fake Telegram bots

This scam involves creating a fake Safeguard bot on Telegram. Scammers will impersonate influencers and projects on social networks like X to get you to join their Telegram group. Once you join, they’ll immediately prompt you to verify yourself by running a command so they can install malware on your device and drain your wallet.
⚠️ Never run a command to join a Telegram group—a legitimate verification bot will not ask you to do so.
✅ Always verify the Safeguard bot username is @Safeguard or @SafeguardRobot, paying attention to subtle misspellings, before interacting.
How Phantom protects you
Now that you’ve learned how to identify the most common crypto scams, here are some of the everyday Phantom security features that help keep you safe.
Better spam detection

We make it easy to avoid spam. Using a combination of third-party verifications, machine learning models, SimpleHash spam scores, and user feedback, we automatically detect and remove spam from your wallet.
- We auto-detect and hide spam NFTs and their media.
- We automatically hide all fungible tokens that have a URL in the name.
- If a user reports a token or NFT as spam, it’s automatically hidden from the wallet.
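The two metadata signals this page names, the red-flag words listed under fake giveaways and the URL-in-name rule above, can be turned into a simple triage check. This is an added example, not Phantom's detection code; the field names, the hide policy, and the sample records are assumptions constructed for illustration.

```javascript
// Added example: heuristic triage of token/NFT metadata. Not Phantom's detection code.
// RED_FLAGS is the word list from this page; field names and samples are constructed.
const RED_FLAGS = ["free", "gift", "limited", "offer", "invitation", "giveaway",
  "official", "congrats", "mystery box", "rewards", "upgrade", "airdrop"];

// Deliberately broad: explicit schemes, "www." prefixes, and bare host.tld strings.
const URL_RE = /(?:https?:\/\/|www\.)\S+|\b[a-z0-9-]+(?:\.[a-z0-9-]+)*\.[a-z]{2,}\b/;

// Fold compatibility forms (e.g. fullwidth letters), drop zero-width characters,
// and lowercase, so simple obfuscation does not hide a word or a domain.
function normalize(text) {
  return String(text ?? "")
    .normalize("NFKC")
    .replace(/[\u200B-\u200D\u2060\uFEFF]/g, "")
    .toLowerCase();
}

function triageToken(meta) {
  const name = normalize(meta.name);
  const all = [meta.name, meta.symbol, meta.description].map(normalize).join(" ");
  const reasons = [];
  if (URL_RE.test(name)) reasons.push("url-in-name");
  for (const word of RED_FLAGS) {
    const re = new RegExp("\\b" + word.replace(/ /g, "\\s+") + "\\b");
    if (re.test(all)) reasons.push("red-flag:" + word);
  }
  // Assumed policy: a URL in the name always hides; red-flag words hide only
  // when the token arrived unsolicited.
  const flagged = reasons.some((r) => r.startsWith("red-flag:"));
  const hide = reasons.includes("url-in-name") || (Boolean(meta.unsolicited) && flagged);
  return { hide, reasons };
}

// Constructed sample records (the last one uses a zero-width space and fullwidth "www").
const SAMPLES = [
  { name: "1000 USDC at usdc-drop.example", symbol: "USDC", unsolicited: true },
  { name: "Mystery  Box", description: "Congrats! You won a free gift", unsolicited: true },
  { name: "Official Team Pass", symbol: "PASS", unsolicited: false },
  { name: "Air\u200Bdrop \uFF57\uFF57\uFF57.claim.example", unsolicited: true },
];
for (const s of SAMPLES) console.log(JSON.stringify(s.name), triageToken(s));
```

The URL pattern is intentionally loose, so a name such as "Mr.Smith" would also match; a real filter would pair it with the other signals the page lists.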
Phantom Explore

Phantom Explore makes discovering and using your favorite apps safe and easy. Rather than worrying about clicking on malicious sites and links, you’re shown official websites and vetted apps. This allows you to discover, search, bookmark, and connect to apps with peace of mind.
Report as Spam

Our community helps make Phantom safer for everyone. Whenever you, and others, report spam right from the NFT, you not only protect yourself, but others as well.
How to report spam NFTs:
- Select the ellipsis icon on any unwanted NFT
- Select “Report as Spam and Hide”
That’s it. The spam NFT will be reported and moved to the Hidden folder.
As you report spam, our filters will learn how to identify and filter them to prevent future ones from reaching you.
Burn spam NFTs

This feature allows for the manual removal of unwanted spam NFTs.
How to remove spam NFTs:
- Select the NFT you want to burn in the Collectibles tab
- Select the Burn Token function located in the top-right ellipsis menu
Once you burn an NFT, the token will be permanently removed from your wallet and you’ll receive a bit of SOL that served as the "rent" for storage.
Note: It’s never dangerous to burn spam NFTs.
Transaction Previews

You can think of Transaction Previews as a firewall that identifies malicious transactions and warns you before you approve them. Every Phantom wallet utilizes Transaction Previews, which is powered by Blowfish, a company we incubated right here at Phantom.
Transaction Previews protects you against all kinds of attacks (phishing, dapp-level DNS hijacking, software supply chain attacks, and more) and empowers you with real-time warnings and human-readable transaction context.
Guard instructions

We collaborated with Lighthouse Protocol to enhance anti-spoofing transaction security with Guard instructions. This happens behind the scenes but ensures that the state changes presented in the transaction previews accurately reflect the actual transaction outcomes when executed on-chain.
Open-source blocklist

We’ve created an open-source and community-maintained blocklist of malicious domains that we block you from connecting to by accident.
Whenever we discover a malicious token or NFT, we add its contract address and domain to the blocklist, which hides the NFT from your wallet and creates a warning if you try to connect to the malicious site.
Warnings


In-app warnings keep you safe from common scam tactics like address poisoning and copycat tokens. If you copy an address from your transaction history that you haven’t sent funds to before, we warn you. If you’re trying to buy a popular token and it’s a copycat, we warn you.
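One way to express the copied-address warning described above, as an added example that is not Phantom's code. It assumes a poisoning address that matches the first and last characters of a recipient you have paid before; the addresses, history records, and function names are constructed placeholders.

```javascript
// Added example: the copied-address check described above. Not Phantom's code.
// Addresses and history records below are constructed placeholders.
const KNOWN = "7xKpAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQ9wz";    // recipient paid before
const POISON = "7xKpBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBQ9wz";   // lookalike, only sent dust in
const STRANGER = "3mNdCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCt5Ur"; // unrelated sender

const HISTORY = [
  { direction: "out", counterparty: KNOWN, amount: 25 },
  { direction: "in", counterparty: POISON, amount: 0.000001 },
  { direction: "in", counterparty: STRANGER, amount: 3 },
];

// Wallet UIs commonly show addresses shortened like this, which is why a
// lookalike with matching ends is hard to spot in a history list.
function shorten(addr, edge = 4) {
  return addr.slice(0, edge) + "..." + addr.slice(-edge);
}

// Addresses are compared exactly and case-sensitively.
function checkCopiedAddress(copied, history, edge = 4) {
  // Only addresses the user has actually sent funds to count as trusted.
  const sentTo = new Set(
    history.filter((t) => t.direction === "out").map((t) => t.counterparty));
  if (sentTo.has(copied)) return { warn: false, reason: "previously-sent-to" };
  // Same visible ends as a known recipient but a different full address.
  const lookalikeOf = [...sentTo].find((a) =>
    a.slice(0, edge) === copied.slice(0, edge) && a.slice(-edge) === copied.slice(-edge));
  if (lookalikeOf) return { warn: true, reason: "lookalike-of-known-recipient", lookalikeOf };
  return { warn: true, reason: "never-sent-to" };
}

for (const addr of [KNOWN, POISON, STRANGER]) {
  console.log(shorten(addr), checkCopiedAddress(addr, HISTORY));
}
```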
Security metrics

Avoid rug pulls and assess potential risks on Token Pages. View details on percentage owned by the top holders, ownership status, and whether the token is mutable or mintable.
Security best practices
Here are a few key tips to keep your Phantom wallet secure:
- Never share your secret recovery phrase with anyone: Store your secret recovery phrase in a secure, offline location and never share it with anyone. Never enter your secret recovery phrase on any website. And Phantom Support will never ask you to share your secret recovery phrase.
- Treat all unsolicited NFTs and tokens as suspicious: Assume any unexpected NFT or token airdrop is a scam. Avoid clicking links or approving transactions tied to these tokens.
- Pay attention to transaction warnings: Phantom warns you about potentially malicious transactions through its simulation tool. If a warning appears, stop and verify the source.
- Double-check URLs: Always verify links through official sources, like the project’s website, Discord, or Twitter. Be cautious of ads or slightly altered domain names.
- Regularly scan for malware: Use trusted antivirus and anti-malware software to keep your devices clean.
Summary
As web3 becomes more popular, it not only attracts new excited users, but scammers as well. These bad actors try to take advantage of you through an array of common crypto scams, such as fake giveaways and airdrops, spam NFTs, scam ads, and more. But we're here to protect you. By practicing these security best practices, and using Phantom, you can avoid these common crypto scams and navigate web3 safely and easily.